Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


OpenVPN IPv6
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

OpenVPN IPv6

dnwkdnwk Member

Could someone give me a sample configuration for OpenVPN that can do V4V6 Tunnel allowing clients without IPv6 to connect to IPv6?

Comments

  • john_kjohn_k Member
    edited October 2013

    Clients don't need to have IPv6 internet, but they must have dual stack.

    So you create a tunnel for your clients over IPv4, but inside the tunnel your clients would use IPv6 over the tap device.

    If you have an already running openVPN over IPv4, just configure the tap/tun to use dual stack, and set the clients to use ip6 by default, being the ip6 default gateway that of the server.

    The critical thing is not in the openVPN config, but in configuring dual stack on every machine. (Pretty straight forward, btw)

    As for openVPN, it has to be built with --enable-ipv6

    openvpn --version

    OpenVPN 2.3_ [PF_INET6] [IPv6 payload

  • @john_k said:

    Clients don't need to have IPv6 internet, but they must have double stack.

    So you create a tunnel for your clients over IPv4, but inside the tunnel you clients would use IPv6 over the tap device.

    If you have an already running openVPN over IPv4, just configure the tap/tun to use double stack, and set the clients to use ip6 by default, being the ip6 default gateway that of the server.

    The critical thing is not in the openVPN config, but in configuring dual stack on every machine. (Pretty straight forward, btw)

    As for openVPN, it has to be built with --enable-ipv6

    Mine just has PF_INET6 and not IPv6 payload. Does that mean ipv6 won't work on it? It's a default apt-get install openvpn on debian 6

  • john_kjohn_k Member
    edited October 2013

    You can have native IPv6, but not IPv6 over IPv4, if you haven't built IPv6 Payload option on you openVPN binary.

    I'm not up-to-date with any openvpn development beyond version 2.3
    What I do know is openVPN 2.3 built with the ' [PF_INET6] [IPv6 payload]' options, works perfectly on any configuration on dual stack, v4 on v4, v4 on v6, v6 over v6 and ip6 over ip4.

  • rm_rm_ IPv6 Advocate, Veteran
    edited October 2013

    You can have anything you want if you run OpenVPN in TAP mode.

  • @rm_ said:
    You can have anything you want if you run OpenVPN in TAP mode.

    I've tried TAP mode but the client just gets stuck at "obtaining configuration" when I try to connect.

  • Just for clarification....

    I'm using a 2.3 rc1 openVPN version built over 18 months ago.

    It seems recent changes in the development will have the 'Payload' option automatically included with the --enable-ipv6 option and won't appear in the --version tags.

    As always, use the latest versions on the opensource software, build it yourself if necessary or you believe your distro is not up to date.

    It seems to me that IPv6 and dual stack in openVPN are now very mature and well tested.

Sign In or Register to comment.